Bargainbox Email unsubscribe BS

Forums › Off topic › Bargainbox Email unsubscribe BS

1 | 2 | 3

11294 posts

Uber Geek
+1 received by user: 10018

Trusted

Lifetime subscriber

#3069770 30-Apr-2023 22:46

Inphinity:
Which is probably worse, because more (most modern) browsers will display a similar error for an invalid cert, than simply being HTTP.

It's even worse if the site uses HSTS because then there's no way to bypass the stupid warning.

SirHumphreyAppleby

2939 posts

Uber Geek
+1 received by user: 1860

#3069785 1-May-2023 06:28

yitz:

Whether the client side browser is correct to upgrade the connection is debatable... the server in question here is certainly not indicating any preference for an upgrade in anyway so is a fully client side decision.

In this case, no the browser isn't right to upgrade the connection. If it is going to attempt to do such things, it should expect a SN failure and fallback to HTTP.

Historically, or more accurately, until recently (SNI), HTTPS only supported a single site per IP. Many servers are still configured as if they can only host one HTTPS site and this will result in a SN error as seen here. Even if the certificate were bypassed, depending on the server and how its configured, it may not provide access to the desired site via HTTPS, only HTTP.

boosacnoodle

1274 posts

Uber Geek
+1 received by user: 857

#3070199 1-May-2023 23:11

yitz:

Whether the client side browser is correct to upgrade the connection is debatable... the server in question here is certainly not indicating any preference for an upgrade in anyway so is a fully client side decision.

https://brave.com/privacy-updates/22-https-by-default/

There we go. So it's not actually a Bargain Box issue.

ANglEAUT

altered-ego
2436 posts

Uber Geek
+1 received by user: 842

Trusted

Lifetime subscriber

#3070228 2-May-2023 07:54

Jase2985:

freitasm:

Users don't need to know the technical aspects.

correct so does it mater that its not HTTPS?

Yes, it does matter.

HTTPS is the more secure method of communication.
For years we've been telling everybody to look for the green lock in the address bar. Trying to ignore the error & continue works against that & trains the populace to click Yes/OK/Continue on everything
It will stop a large portion of the subscribers from completing the unsubscribe process.
- this means the company will waste resources storing customer details & sending out unnecessary emails
- the subscriber will mark the emails as spam which wastes their time
- the company will receive a negative rating in the spam filter, requiring them to spend more resources onoptimising their emails, reaching new customers & others

Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

boosacnoodle

1274 posts

Uber Geek
+1 received by user: 857

#3070243 2-May-2023 09:14

ANglEAUT:

It will stop a large portion of the subscribers from completing the unsubscribe process.

Hard disagree. I'd wager fewer than 1% of customers of Bargain Box would be using Brave browser.

Jase2985

13730 posts

Uber Geek
+1 received by user: 6202

ID Verified

Lifetime subscriber

#3070417 2-May-2023 13:02

the question to @getontoit99 is do they get the error in a different browser or is it only happening because the browser is trying to upgrade the link?

FWIW i open a bargain box unsubscribe link on my PC, chrome, edge and FF, and it opens fine no errors no nothing from the HTTP link so i suspect the crux of this issue is the OP's browser.

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

getontoit99

85 posts

Master Geek
+1 received by user: 28

Lifetime subscriber

#3070452 2-May-2023 13:47

The issue was and is still occuring with Brave, Chrome and Edge on my Windows 10 PC. Here's the link.

Unsubscribe

I posted this behaviour simply as an observation to share.

Since there seems to such a high level of interest, I just tried the link on my Ubuntu box in Brave.

Brave on Linux indicates "Not secure" to the left of the URL and reports that I have unsubscribed (which I had already done).

Unlike Chrome, Brave and Edge on my PC, there was no "Warning Will Robinson" popup like below. (That must show my age😁)

Thanks all for taking such an interest.

dm2000

319 posts

Ultimate Geek
+1 received by user: 38

ID Verified

Lifetime subscriber

#3070454 2-May-2023 13:51

No issue here on desktop versions of Edge, Chrome, or Firefox

boosacnoodle

1274 posts

Uber Geek
+1 received by user: 857

#3070461 2-May-2023 13:58

Nope, works absolutely fine for me using the default settings. I am virtually certain by this point that you have tweaked a security setting somewhere. In all likelihood, Bargain Box haven't noticed. Did you try telling them?

To help, I have clicked the Unsubscribe button for you :)

getontoit99

85 posts

Master Geek
+1 received by user: 28

Lifetime subscriber

#3070464 2-May-2023 14:05

Yes, I did advise them. Yesterday. Forgot to mention, sorry.

boosacnoodle

1274 posts

Uber Geek
+1 received by user: 857

#3070465 2-May-2023 14:12

What are the certificate details showing if you click through for more info on the padlock?

Dyson

Shop now for Dyson appliances (affiliate link).

yitz

2239 posts

Uber Geek
+1 received by user: 594

#3070484 2-May-2023 14:30

The issue might be because the modified https: link was copy & pasted from Brave into Chrome/Edge and these browsers may try https: on subsequent navigation attempts. The initial response from navigation to https: sets the HTTP Strict Transport Security (HSTS) header.

SirHumphreyAppleby

2939 posts

Uber Geek
+1 received by user: 1860

#3070486 2-May-2023 14:33

boosacnoodle:

What are the certificate details showing if you click through for more info on the padlock?

The pertinent information is this...

ERR_CERT_COMMON_NAME_INVALID

"The certificate is only valid for the following names: a248.e.akamai.net, *.akamaihd-staging.net, *.akamaihd.net, *.akamaized-staging.net, *.akamaized.net"

dacraka

771 posts

Ultimate Geek
+1 received by user: 165

ID Verified

Trusted

#3070490 2-May-2023 14:39

So looking up "click.info.bargainbox.co.nz" the DNS is pointing to "click.exacttarget.com.mdc.edgesuite.net".

Asking ChatGPT who uses"click.exacttarget.com.mdc.edgesuite.net", results in the following answer:

"The domain click.exacttarget.com.mdc.edgesuite.net is a subdomain of edgesuite.net, which is a content delivery network (CDN) used by Akamai Technologies to distribute content across the internet. The subdomain click.exacttarget.com is used by the email marketing platform ExactTarget, which is now a part of Salesforce Marketing Cloud.

The purpose of the subdomain click.exacttarget.com.mdc.edgesuite.net is to track clicks on links within emails sent through ExactTarget. When a user clicks on a link in an email, they are redirected to a URL that begins with click.exacttarget.com.mdc.edgesuite.net, which then redirects them to the final destination URL. This process allows ExactTarget to track which links in their emails are being clicked on and how many times, providing valuable data for their clients to measure the effectiveness of their email marketing campaigns."

So Bargain Box is using a third party email tracking company (currently Salesforce Marketing Cloud) and either Bargain Box IT has not set up https properly for it or Salesforce doesn't support https for it.

yitz

2239 posts

Uber Geek
+1 received by user: 594

#3070515 2-May-2023 14:47

http: link is followed for a web site that does not have TLS/SSL enabled.
User agent/browser unhelpfully insists on using security.
User then proceeds to paste https: link into other browsers giving rise to more errors.

/thread

1 | 2 | 3